﻿<cfscript>
/** 
* Security Frameworks - Authentication
* 
* @hint "Security Frameworks - Authentication." 
*/ 

component 
	displayname="public.service.handler.authentication" 
	output=false 
	accessors=true 
	depends="ticketGrantingCookie" 
	{
	
	property name="TicketGrantingCookie" hint="Cookie 操作组件";
	
	/**
	* @hint "初始化对象"
	*/
	public public.service.handler.authentication function init() output=false {
		return this;
	}
	
	
	/**
	* @hint "用户登录"
	* 
	* @authUser "用户名"
	* @authGroup "用户所在用户组, 多个用户组使用,分割组合成字符串"
	*/
	public void function login( required string authUser, required string authGroup ) output=false {
		
		var cookieAdvice = getTicketGrantingCookie();
		
		/* 标注用户 ATGC-SESSION */
		cookieAdvice.create( authUser );
		
		var ticketID = "ATGC-" & "acadmicManager" & "-" & arguments.authUser;
		var sessionStorage = structNew();
				
		structInsert( sessionStorage, "AutherUserID", arguments.authUser, true );
		structInsert( sessionStorage, "AuthorizedUserGroups", arguments.authGroup, true );
		
		if ( listFindNoCase( arguments.authGroup, "P001" ) ) {
			structInsert( sessionStorage, "AutherUserType", "Teacher", true );
		}
		
		if ( listFindNoCase( arguments.authGroup, "P002" ) ) {
			structInsert( sessionStorage, "AutherUserType", "Student", true );
		}
		
		/* 将创建的ATGC放置于系统缓存中 */
		cachePut( ticketID, sessionStorage, createTimeSpan(2, 0, 0, 0), createTimeSpan(0, 0, 30, 0), "matrixSession" );
		
	}
	
	
	/**
	* @hint "用户注销"
	*/
	public void function logout() output=false {
		
		var ticketId = getAutherTicket();
		
		if ( len(ticketId) ) {
			/* 将缓存数据删除 */
			cacheRemove( ticketId, false );
		}
			
		/* 清除用户 ATGC-SESSION */
		var cookieAdvice = getTicketGrantingCookie();
		cookieAdvice.delete();
		
	}
	
	
	/**
	* @hint "返回用户 ATGC "
	*/
	public string function getAutherTicket() output=false {
		
		var cookieAdvice = getTicketGrantingCookie();
		
		if ( cookieAdvice.exists() ) {
			return "ATGC-" & "acadmicManager" & "-" & cookieAdvice.getUserName();
		}

		return "";
	}
	
	
	/**
	* @hint "返回认证用户"
	*/
	public string function getAutherUserID() output=false {
		
		var ticketId = getAutherTicket();
		
		if ( len(ticketId) ) {
			
			var sessionStorage = cacheGet( ticketId, "matrixSession" );
			
			if ( isDefined("sessionStorage") and structKeyExists(sessionStorage, "AutherUserID") ) {
				return sessionStorage["AutherUserID"];
			}
			else {
				/* 缓存过期 清除用户 ATGC-SESSION */
				var cookieAdvice = getTicketGrantingCookie();
				cookieAdvice.delete();
			}
			
		}
		
		return "";
	}
	
	
	/**
	* @hint "返回认证用户类型"
	*/
	public string function getAutherUserType() output=false {
		
		var ticketId = getAutherTicket();
		
		if ( len(ticketId) ) {

			var sessionStorage = cacheGet( ticketId, "matrixSession" );
			
			if ( isDefined("sessionStorage") and structKeyExists(sessionStorage, "AutherUserType") ) {
				return sessionStorage["AutherUserType"];
			}
			else {
				/* 缓存过期 清除用户 ATGC-SESSION */
				var cookieAdvice = getTicketGrantingCookie();
				cookieAdvice.delete();
			}
			
		}
		
		return "";
	}
	
	
	/**
	* @hint "返回认证用户所归属的用户组"
	*/
	public string function getAuthorizedUserGroups() output=false {
		
		var ticketId = getAutherTicket();
		
		if ( len(ticketId) ) {

			var sessionStorage = cacheGet( ticketId, "matrixSession" );
			
			if ( isDefined("sessionStorage") and structKeyExists(sessionStorage, "AuthorizedUserGroups") ) {
				return sessionStorage["AuthorizedUserGroups"];
			}
			else {
				/* 缓存过期 清除用户 ATGC-SESSION */
				var cookieAdvice = getTicketGrantingCookie();
				cookieAdvice.delete();
			}
			
		}

		return "";
	}
	
	
	/**
	* @hint "返回认证用户所有属性"
	*/
	public struct function getUserProps() output=false {
		
		var ticketId = getAutherTicket();
		
		if ( len(ticketId) ) {

			var sessionStorage = cacheGet( ticketId, "matrixSession" );
			
			if ( isDefined("sessionStorage") and structKeyExists(sessionStorage, "AuthorizedUserGroups") ) {
				return sessionStorage;
			}
			else {
				/* 缓存过期 清除用户 ATGC-SESSION */
				var cookieAdvice = getTicketGrantingCookie();
				cookieAdvice.delete();
			}
			
		}

		return structNew();
	}
	
	
	/**
	* @hint "返回认证用户指定属性"
	* 
	* @propName "用户属性名"
	*/
	public string function getUserProp( required string propName ) output=false {
		
		var ticketId = getAutherTicket();
		
		if ( len(ticketId) ) {

			var sessionStorage = cacheGet( ticketId, "matrixSession" );
			
			if ( isDefined("sessionStorage") and structKeyExists(sessionStorage, arguments.propName) ) {
				return sessionStorage[arguments.propName];
			}
			
		}
		
		return "";
	}
	
	
	/**
	* @hint "判断当前会话是否已授权"
	*/
	public boolean function isUserAuthorized() output=false {
		return yesNoFormat(len(getAutherUserID()));
	}
	
	/**
	* @hint "判断当前会话的用户组, 是否在某个列表中"
	* 
	* @groupList "参考用户组"
	*/
	public boolean function isUserInAnyAuthorizedGroups( required string groupList ) output=false {
		
		var userGroups = listToArray( getAuthorizedUserGroups(), ", " );
		var targetGroups = arguments.groupList;
		
		for ( var currentGroup in userGroups ) {
			if ( listFindNoCase(targetGroups, currentGroup, ", ") ) {
				return true;
			}
		}
		
		return false;
	}
	

}

</cfscript>